Skip to content
AM

portal-api (REST + GraphQL)

Portal owns tenant identity, memberships, invitations, onboarding, RBAC, billing entry points, and platform authorization decisions.

Runtime

PropertyCurrent contract
Production API originhttps://api.portal.inblack.app
GraphQLPOST /graphql
External-agent bootstrapPOST /api/external-agent/signup
GraphQL operations39: 15 queries and 24 mutations
HTTP registrations44 total; the public reference omits internal and unresolved routes

portal.inblack.app is not the canonical API origin. Use the API hostname or the environment-specific origin returned by platform bootstrap/configuration.

GraphQL domains

The generated schema reference covers tenant and practice organizations, team membership, invitations, onboarding, rule packages, roles, and entitlements. Most fields carry @authenticated; additional restrictions are visible in the directive column.

Example:

Terminal window
curl https://api.portal.inblack.app/graphql \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-d '{"query":"{ myOrganizations { id name status defaultCurrency } }"}'

See the GraphQL operation reference for exact arguments, output types, directives, and source locations.

HTTP routes

Portal registers authenticated product routes for billing and model-negotiation policy, the external-agent signup route, operational routes, a development playground, and the Stripe provider callback. Admin/model-negotiation and internal authorization routes remain excluded from the public reference.

Do not infer integration CRUD routes from UI labels. Use the HTTP route reference for paths actually registered in source.

Authentication

Authenticated GraphQL and product routes use the current Portal auth and membership path. Send an accepted bearer credential and explicit X-Tenant-ID when the route requires tenant context. External-agent signup has its own owner-principal and scope/audience checks.

The Stripe webhook is a provider callback, not a customer-callable REST API.

Agent boundary

Product UIs and backend integrations may call Portal APIs directly. Agents default to MCP where a Portal tool exists; the API schema is not a promise that every operation is exposed as an agent tool.